Setting up Softether VPN on OpenWRT

Edit 10th April 2018
I would like to point out that the Softether package should be available from the OpenWRT package manager without manual download or compilation, so in most cases you will not have to follow this guide.
Huge thanks to fededim for making this happen!

Guide
A few prerequisites

Router must have at least ~8MB free space (preferably extroot)

Must have at least 32MB of RAM and swap enabled

In my case I’m running

OpenWRT Barrier Breaker 14.07 x86 on VirtualBox with 256MB RAM.

This configuration has been tested on these routers

TP-Link TL-WR842N/ND v2 (3GB extroot, 512MB swap) ar71xx

Asus RT-N14U (1,5GB extroot, 512MB swap) RAMIPS

I assume that you have met the prerequisites stated above, therefore in this guide I will not tell how to configure your router with extroot and swap.

Softether needs a few packages to work correctly, therefore we have to install them

After the dependency packages have been installed, there are two ways to install Softether:

Using precompiled binary packages from mikmoe or my webpage. Please note that only ar71xx and brcm47xx are available from mikmoe, and atheros, ramips, brcm63xx and x86 are available from my webpage; if your router has any other chipset, such as lantiq, you have to compile the packages yourself. If you have ar71xx, brcm47xx, ramips, brcm63xx or atheros, feel free to skip PART 2a of this guide and continue with installing the package by following PART 2b.

Compiling the packages yourself.

PART 2a – Compiling Softether for your router
Prerequisites: PC or VM with Debian based distribution, ~5GB of space.
Connect to the PC on which you are going to compile.
To compile packages on a Debian-based distribution you have to install specific packages.

Choose the target system by pressing ENTER while on “Target System”; in my case it is x86.
Choose the architecture and press ENTER.
After choosing the architecture, head to Network->VPN. Navigate to “softethervpn” and press SPACE twice to enable compilation of the package.
Now press ESC until you arrive at the screen below.
Press ENTER.
It should exit the OpenWRT SDK configuration and you should be ready to compile.
NB! The compilation on Intel Xeon E3-1225v2 with 4 cores takes approximately 20 minutes. So plan your time accordingly.
When you are ready to compile the packages, replace the X with the number of cores you have access to, in my case four. This will speed things up immensely.
make prepare -jX

i.e.
make prepare -j4

Build the softether package, once again replacing X with the number of cores. This process took approximately 5 minutes on my setup.
make package/softethervpn/compile V=99 -jX

i.e.
make package/softethervpn/compile V=99 -j4

The compiled package should be available at
./bin/[ARCHITECTURE]/packages/softethervpn/softethervpn_4.15-9538_[ARCHITECTURE].ipk

in my case
./bin/x86/packages/softethervpn/softethervpn_4.15-9538_x86.ipk

Connect to the server where you compiled the firmware and download it; in my case I will use scp.
scp [USERNAME]@[IP_ADDRESS]:~/barrier_breaker/bin/[ARCHITECTURE]/packages/softethervpn/softethervpn* /tmp/

Now install the package
opkg install /tmp/softethervpn*
If everything went correctly it should look like this.

PART 2b – Downloading the precompiled packages and installing them
I will use ar71xx as an example here.
NB! You do not need to do this if you already did Part 2a.
Head to mikmoe or my webpage and look for the corresponding package, in my case “softethervpn_4.14-9529_ar71xx.ipk”
Download the package
cd /tmp/ && wget [HYPERLINK]
In my case
cd /tmp/ && wget http://b.mikomoe.jp/download/1423519871/attach/softethervpn_4.14-9529_ar71xx.ipk
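
The package above is fetched over plain HTTP from a third-party host and then installed as root, so it is worth checking before it is handed to opkg. The following is an added example, not part of the original guide; the function name check_ipk is hypothetical, the expected SHA-256 is a placeholder you have to obtain from the packager through a separate channel, and the script assumes the .ipk is a gzip-compressed tar archive containing ./control.tar.gz, as the OpenWrt build system produces.

```shell
#!/bin/sh
# Added example (not from the original guide): check a downloaded .ipk
# before installing it with opkg.
# Usage: check_ipk FILE EXPECTED_SHA256 EXPECTED_ARCH
# Assumption: the .ipk is a gzip-compressed tar archive that contains
# ./control.tar.gz, as produced by the OpenWrt build system.

check_ipk() {
    ipk=$1; want_sha=$2; want_arch=$3

    [ -f "$ipk" ] || { echo "no such file: $ipk" >&2; return 2; }

    # 1. Integrity: the digest must equal one obtained out of band.
    got_sha=$(sha256sum "$ipk" | cut -d' ' -f1)
    if [ "$got_sha" != "$want_sha" ]; then
        echo "SHA-256 mismatch for $ipk (got $got_sha)" >&2
        return 1
    fi

    # 2. Architecture: read the control file without unpacking to disk,
    #    so a package built for another chipset is rejected early.
    arch=$(tar -xzOf "$ipk" ./control.tar.gz 2>/dev/null \
        | tar -xzOf - ./control 2>/dev/null \
        | sed -n 's/^Architecture: *//p')
    if [ "$arch" != "$want_arch" ]; then
        echo "architecture is '${arch:-unknown}', expected $want_arch" >&2
        return 1
    fi
    return 0
}

# On the router (placeholder digest, replace with the real one):
#   check_ipk /tmp/softethervpn_4.14-9529_ar71xx.ipk <EXPECTED_SHA256> ar71xx \
#       && opkg install /tmp/softethervpn_4.14-9529_ar71xx.ipk
```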

Now you can configure L2TP support. In my case I will use L2TP, but you can choose as you like; it is always possible to enable it later.

Check what you need and set the connection Pre-Shared key.
Click Ok

Choose if you want to use VPN Azure, in my case I will not use it, because it is just too slow.
Click Ok

Here we can add users, just for the sake of testing we create one here.
Click Create Users and input username and password.
When done click exit.

Now we will set up local bridge since SecureNAT is slow by itself and will be even slower on a router.
Select “Local bridge setting”

PART 6 – Setting up Local bridge
I will provide two different ways to configure your network
a) All VPN clients are in the same subnet as local DHCP clients of your router
I.e. if your computer has IP 192.168.1.2, then if someone connects to your VPN he will be assigned 192.168.1.3

b) VPN clients will have their own subnet
I.e. your computer has IP 192.168.1.2; if someone connects to your VPN he will have 192.168.50.2

PART 6a – VPN Clients are in the same subnet as your local clients

Select “Virtual Hub” “VPN”

Check “Bridge with New Tap device”

Write “soft” into “New Tap device name”

Click “Create Local-Bridge”

Click OK
If everything went well the bridge status should be “Operating”

Now open up LuCI (web interface) and head to Network->Interfaces
Click on Edit
Head to “Physical settings” and check “Ethernet Adapter: “tap_soft” ”
Click “Save & Apply” at the bottom of the page.

We are done! Now every client who connects will be given an IP address from your LAN subnet and everything should work out of the box.

PART 6b – VPN clients are in a different subnet than local clients

Select “Virtual Hub” “VPN”

Check “Bridge with New Tap device”

Write “soft” into “New Tap device name”

Click “Create Local-Bridge”

Click Ok
If everything went well the bridge status should be “Operating”

Now open LuCI (web interface) and head to Network->Interfaces
Down below interfaces click “Add new interface”
Name the interface “vpn”
And under “Cover the following interface” select “tap_soft”
When done click “Submit”
In next page under “General setup”

Now head to Network->Firewall
Find the lan->wan zone and click edit
Scroll down to “Covered networks” and check “vpn”
Click “Save & Apply”

Everything is ready! Clients who connect to your VPN will be assigned 192.168.50.x addresses.
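
A command-line equivalent of the LuCI steps in PART 6b, as an added example that is not part of the original guide. The function name vpn_uci_batch, the static address 192.168.50.1/24, the DHCP pool values and the assumption that lan is the first firewall zone (@zone[0], the OpenWrt default) are assumptions; adding “vpn” to the lan zone, as the guide does, gives VPN clients the same firewall policy as LAN hosts.

```shell
#!/bin/sh
# Added example (not from the original guide): print "uci batch" commands
# that create the "vpn" interface on the SoftEther tap device, serve DHCP
# on it and add it to the lan firewall zone.
# Usage: vpn_uci_batch [TAP_DEVICE] [SUBNET_PREFIX]
# Assumptions: address .1 with a /24 mask, pool .2 to .101, lan = @zone[0].
# "ifname" is the option name on Barrier Breaker 14.07; releases from
# 21.02 onwards use "device" instead.

vpn_uci_batch() {
    tap=${1:-tap_soft}      # tap device created by the local bridge
    net=${2:-192.168.50}    # first three octets of the VPN subnet

    # Refuse values that could break out of the quoted uci arguments.
    case $tap in
        ''|*[!A-Za-z0-9_]*) echo "bad device name: $tap" >&2; return 1 ;;
    esac
    case $net in
        ''|*[!0-9.]*) echo "bad subnet prefix: $net" >&2; return 1 ;;
    esac

    cat <<EOF
set network.vpn=interface
set network.vpn.ifname='$tap'
set network.vpn.proto='static'
set network.vpn.ipaddr='$net.1'
set network.vpn.netmask='255.255.255.0'
set dhcp.vpn=dhcp
set dhcp.vpn.interface='vpn'
set dhcp.vpn.start='2'
set dhcp.vpn.limit='100'
set dhcp.vpn.leasetime='12h'
add_list firewall.@zone[0].network='vpn'
commit network
commit dhcp
commit firewall
EOF
}

# On the router, after checking with "uci show firewall" that @zone[0] is lan:
#   vpn_uci_batch | uci batch
#   /etc/init.d/network reload
#   /etc/init.d/dnsmasq restart
#   /etc/init.d/firewall restart
```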

Thank you for reading this guide!
Thanks to Lincoln Lee. Without his easily understandable Softether guides I would have never started using Softether and made this guide.
Also thanks to el1n for building the makefile, without his repository and webpage we would not be able to download precompiled packages or compile ones ourselves!

Guide made by Alberts Saulitis. If you intend to translate or copy it, please, ask for permission by e-mailing me to

Do you know where the ipk for softetherclient / softetherbridge / softetherserver / softethercmd for OpenWrt x86 architecture can be downloaded?
Not ar71xx..ipk or brcmxxx.ipk… I’m running OpenWrt x86 in a virtual machine.
I would like to give SoftEther a try.

Hello alberts00! Following your instructions, I successfully installed and use SoftEtherVPN on a TP-Link TL-WDR4300 router with OpenWrt Barrier Breaker 14.07! Many thanks!
But I tried to use it on a router with OpenWrt x86 Chaos Calmer 15.05 or 15.05.1, on real hardware and in a virtual machine in Hyper-V, and I get a problem with the configuration: I cannot create a “Remote Access VPN Server”, only a “Site-to-site VPN Server or VPN Bridge” https://drive.google.com/file/d/0B6Dosqok4ZSJQjBGUHVGMklhT0k/view?pref=2&pli=1
And the SoftEther settings are reset after a reboot of the router.
If you use Barrier Breaker 14.07 x86 everything works fine.
Is this a problem with 15.05, x86 or SoftEther?

Hello!
I was able to reproduce the issue, most likely it was caused by the vpnbridge service, could you please try stopping it and then setting up the server?
/etc/init.d/softethervpnbridge stop
/etc/init.d/softethervpnbridge disable
http://i.imgur.com/c691Vw3.png

Everything works if after installation you run
/etc/init.d/softethervpnbridge stop
/etc/init.d/softethervpnbridge disable
The settings are saved if you run
/usr/bin/env LANG=en_US.UTF-8 /usr/bin/vpnserver stop
/usr/bin/env LANG=en_US.UTF-8 /usr/bin/vpnserver start
before restarting the router.

This can also be done in LuCI: System -> Startup “softethervpnbridge” and “softethervpnclient” “Stop” “Disabled”. Also disable softetervpnklient at 14.07 it off.
The settings are saved if, in LuCI: System -> Startup, you do “softethervpnserver” “Stop” “Start” before restarting the router.

Hello – I am trying to compile and build for the mvebu architecture, to be used on a WRT1700AC running Gargoyle 1.9.0 (based on Chaos Calmer). I managed to get the ipk built, but when I start the server I get vpnserver: can’t load library ‘libreadline.so.6’

I did that at the beginning and everything reported installed ok. But then I did a force reinstall of libreadline and it can’t find a candidate to install. I have no idea where to look for that package for mvebu.

Thanks for your help. I was able to get the server up and running – sort of. I can connect to it. Gargoyle doesn’t have the same interface settings UI though for the zones. Is there any way to do that through the command line the way you did the firewall?

Hey
Could you please share information about the environment, could it be that there is not enough RAM or you are trying to set up package with incorrect architecture?
I’m currently not able to look into it, though you can remind me at the end of the month and I will look into it.

Hey Thomas,
I’m very sorry, there seems to be an issue compiling. The SSD ran out of space when buildroot exceeded 40GB. I will try to take a look this week.
I suppose you can use the package Alex gave meanwhile.

Hey!
Unfortunately I’m quite busy right now and don’t think I will be able to touch the subject until Christmas.
I will do my best to look into it when possible, but if you find the cause yourself please leave a comment 🙂

Specify the host name or IP address of the computer that the destination VPN Server or VPN Bridge is operating on.
By specifying according to the format ‘host name:port number’, you can also specify the port number.
(When the port number is unspecified, 443 is used.)
If nothing is input and the Enter key is pressed, the connection will be made to the port number 8888 of localhost (this computer).
Hostname of IP Address of Destination:

Hello, I followed your guide. I have a Tp-Link WR710N with 4GB ext-root, openWRT 14.07: no matter what I do, I can’t get Softether working. When I start “/usr/bin/env LANG=en_US.UTF-8 /usr/bin/vpncmd”, I get: “root@WR710N:/usr/bin# /usr/bin/env LANG=en_US.UTF-8 /usr/bin/vpncmd
Killed
root@WR710N:/usr/bin#”
So, I can’t pass this step. I tried to use every version of Softether, from both sites and from 4.14 to 4.21: no go.
Any hint about this issue?
TIA!
Fabio

Hello, glad to read you so soon!
I have the European version, with 32MB RAM. It has a 4GB stick with sda1 (3.5GB) and about 500MB of sda2 as swap space. I will check logread ASAP, and let you know.
Thx again!

I am trying to compile SoftEtherVPN for the Raspberry Pi 3 BCM2710 kernel. But I always get this error during prepare: -r prepare: build failed include/toplevel.mk:181: make
Is someone able to help me with this? Thanks

Hopefully this page is still getting some attention. I used to be able to run Softether on my Linksys 1900AC using OpenWrt 15.05. I recently had to reset and rebuild the router. Softether seems to install perfectly, but when I connect to it using the server manager I do not get the option to create the Remote Access VPN Server; the option is greyed out. I upgraded to LEDE to see if that would fix it and got the same thing. I am back down on OpenWrt but scratching my head something fierce.

Was able to install softether from the normal repo and did not have to upload a custom build.

I also needed to do :
/etc/init.d/softethervpnbridge stop
/etc/init.d/softethervpnbridge disable

Before the Server Manager would connect properly and allow for Remote Access VPN Server to be created.

Directions above were followed (option 6a).

Did this as well after configuration to make sure everything saved properly.
/usr/bin/env LANG=en_US.UTF-8 /usr/libexec/softethervpn/vpnserver stop
/usr/bin/env LANG=en_US.UTF-8 /usr/libexec/softethervpn/vpnserver start

Hey,
I have been using SoftEtherVPN for a while and would like to upgrade to 4.27.
Wherever I look I can’t find a recompiled version for ar71xx.
On the other hand, when trying to do so myself I am having issues.
What is needed to use your build script for LEDE/OpenWrt 17.X and compile the latest SoftEther version?

It’s only the server, but I try to follow the development git branch, so it’s the 5.1 version.

PS: Btw there is a minor issue with softether on openwrt see: https://github.com/SoftEtherVPN/SoftEtherVPN/issues/423
This means that without an extroot the server will constantly write data usage and timestamp information to the config file, which resides on nvram (linked to /var from /etc). It’s the only package I use with this behavior; usually such log information should be written to a separate file in /var/log, which is on tmpfs, aka RAM. So check your server’s log/timestamp config and try to minimize anything that might go into the server_config file, or set up an extroot.

Hello, eldad hadas
I am a novice with Linux and I use the Archer C7 AC1750 V4 ar71xx. If you have successfully compiled SoftEtherVPN, can you tell me how to install it? The softethervpn package of OpenWrt has a build error on the build system. Thank you